cowrie: update Dockerfile

cowrie/Dockerfile

@@ -7,12 +7,7 @@ ARG GPG_MPFR="07F3 DBBE CC1A 3960 5078  094D 980C 1976 98C3 739D"
 ARG GPG_MPC="AD17 A21E F8AE D8F1 CC02  DBD9 F7D5 C9BF 765C 61E3"
 ARG SHA1_MPC="b8be66396c726fdc36ebb0f692ed8a8cca3bcc66"
 
-ENV UID=1000 \
+ENV UID=991 GID=991
-    GID=1000 \
-    HOSTNAME=svr04 \
-    DL_LIMIT=10485760 \
-    FACING_IP=9.9.9.9 \
-    JSON_LOG=False
 
 RUN BUILD_DEPS=" \
     build-base \
@@ -70,7 +65,7 @@ COPY run.sh /usr/local/bin/run.sh
 
 RUN chmod +x /usr/local/bin/run.sh
 
-VOLUME /cowrie/log /cowrie/dl /cowrie/custom
+VOLUME /cowrie/log /cowrie/dl /custom
 
 EXPOSE 2222
 

cowrie/README.md

@@ -1,4 +1,4 @@
-## wonderfall/cowrie
+x## wonderfall/cowrie
 
 #### What is this?
 Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.
@@ -10,15 +10,18 @@ Cowrie is a medium interaction SSH honeypot designed to log brute force attacks
 - **SHA_** : fingerprints of tarballs
 
 #### Environment variables
-- **HOSTNAME** : the hostname displayed in the honeypot. 
+- **UID** *(default : 991)*
-- **DL_LIMIT** : the maximum size (in bytes!) of a stored downloaded file (0 = no limit). 
+- **GID** *(default : 991)*
-- **FACING_IP** : your IP (you have to set it manually because cowrie fails to detect it when running in Docker). 
+
-- **JSON_LOG** : disables json logging if set to False.
+#### How to configure
+You should provide your own configuration file from this base : https://raw.githubusercontent.com/micheloosterhof/cowrie/master/cowrie.cfg.dist
+You can mount this single file to your Docker container.
 
 #### Volumes
 - **/cowrie/dl** : where downloads are stored.
 - **/cowrie/log** : cowrie and tty sessions logs.
-- **/cowrie/custom** : feel free to customize cowrie structure.
+- **/cowrie/cowrie.cfg** : cowrie configuration file. **Provide yours!**
+- **/custom** : customize cowrie structure with your own files
 
 #### Docker compose (example)
 ```
@@ -27,13 +30,11 @@ cowrie:
   ports:
     - "2222:2222"
   volumes:
-    - /mnt/cowrie/dl:/dl
+    - /mnt/cowrie/dl:/cowrie/dl
-    - /mnt/cowrie/log:/log
+    - /mnt/cowrie/log:/cowrie/log
+    - /mnt/cowrie/custom:/custom
+    - /mnt/cowrie/cowrie.cfg:/cowrie/cowrie.cfg
   environment:
-    - HOSTNAME=foobar
-    - DL_LIMIT=2048
-    - FACING_IP=9.9.9.9
-    - JSON_LOG=False
     - GID=1000
     - UID=1000
 ```

cowrie/run.sh

@@ -1,18 +1,9 @@
 #!/bin/sh
 cd /cowrie
 
-sed -i -e "s/hostname = svr04/hostname = ${HOSTNAME}/g" \
+rm twistd.pid &>/dev/null
-       -e "s/#download_limit_size = 10485760/download_limit_size = ${DL_LIMIT}/g" \
+mkdir -p /cowrie/log/tty &>/dev/null
-       -e "s/#internet_facing_ip = 9.9.9.9/internet_facing_ip = ${FACING_IP}/g" cowrie.cfg
+cp -R /custom/* /cowrie &>/dev/null
-
-if [ "${JSON_LOG}" == "False" ]; then
-    sed -i -e "s/\[output_jsonlog\]/#\[output_jsonlog\]/g" \
-           -e "s|logfile = log/cowrie.json|#logfile = log/cowrie.json|g" cowrie.cfg
-fi
-
-rm twistd.pid
-mkdir -p /cowrie/log/tty
-cp -R /cowrie/custom/* /cowrie
 chown -R $UID:$GID /cowrie
 
 COWRIEDIR=$(dirname $0)